TeamViewer user accounts hacked in bulk, bank accounts drained

Reddit is overrun with users complaining about their accounts having been hacked and funds being stolenReuters

TeamViewer users have been complaining of account takeovers and online theft for several weeks on internet discussion forums. Many users of the remote login service have claimed to have been targeted by hackers who mysteriously gained access of their accounts and then proceeded to drain their PayPal and in some cases even bank accounts.

While TeamViewer on 1 June admitted to having experienced a service outage due to a DDoS attack with regards to user accounts being hijacked, the firm blamed the breaches on password reuse. The company stressed the service outage had no connection with the past claims of user accounts having been hacked, adding the company has not been breached.

TeamViewer said: "TeamViewer experienced a service outage on Wednesday, June 1, 2016. The outage was caused by a denial-of-service attack (DoS) aimed at the TeamViewer DNS-Server infrastructure. TeamViewer immediately responded to fix the issue to bring all services back up. Some online media outlets falsely linked the incident with past claims by users that their accounts have been hacked and theories about would-be security breaches at TeamViewer. We have no evidence that these issues are related."

However, TeamViewer users are baffled as to how hackers went about gaining access to their accounts. Even more discerning is users, who claimed to have used strong passwords and enabled two-factor authentication on their TeamViewer accounts, reporting being hit by the hacking spree. Online forum Reddit is overrun with users complaining about their accounts having been hacked and funds stolen from either their PayPal accounts or, in some cases, from their bank accounts.

In light of the recent massive data breaches sustained by LinkedIn, Myspace and more, it is possible that the TeamViewer account hijacking may have been caused by password reuse. Coincidentally, TeamViewer also issued an open letter on 3 June announcing the launch of two new additional security measures in efforts to reassure its users about protecting their personal data.

"As you have probably heard, there have been unprecedented large scale data thefts on popular social media platforms and other web service providers. Unfortunately, credentials stolen in these external breaches have been used to access TeamViewer accounts, as well as other services," said TeamViewer. "To do our utmost to help you — our users — and to further strengthen the protection of your data against these hijacks of cyber criminals, we are globally rolling out improved security measures today in a two-fold approach"